Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

report phishing

How do I report phishing?

Thursday, October 17th, 2019

You’ve received a suspicious email, what should you do with it? Firstly, don’t click on any links. But just as important, send it to us so we can prevent more staff and students falling prey to the scam. We encourage our customers to submit potential phishing examples for review. Using these submissions, the Cyber Security Incident Response Team (CSIRT) can learn from the analysis of these messages. This collectively helps to improve the level of virus and spam detection.

What is phishing?

Phishing attacks are designed to steal a person’s login and password details so that the cyber criminal can assume control of the victim’s social network, email, and online bank accounts. Seventy percent of internet users choose the same password for almost every web service they use. This is why phishing is so effective, as the criminal, by using the same login details, can access multiple private accounts and manipulate them for their own good. 

More on how to recognise a phishing email. 

Report phishing

  1. On the ICT Partner Portal:
  1. By sending an email:​​
  • Start up a new mail addressed to csirt@sun.ac.za.​​
  • Use the Title “SPAM” (without quotes) in the Subject.​​
  • With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure* and a small icon with a light yellow envelope will appear in the attachments section of the – New Mail.​​
  • Send the mail.​​

*Spam or phishing examples must be sent in either.EML or .MSG format as an attachment and must not be forwarded. This ensures the original email can be analysed with its full Internet message headers intact. Alternatively, use the mail application to save the email (usually located under File | Save As) as an .EML or .MSG format to a folder location, and attach the saved file to a new email.

How to avoid phishing scams

Friday, May 24th, 2019

We are often asked by staff and students what they can do to stop phishing scams, and what software they should install to prevent them from becoming victims. In some cases students have asked us to fix their computers and to install software to block phishing scams.

Of course that request is impossible to fulfil. Phishing scams are like the common cold. Just like you cannot prevent the common cold, you can only adopt a lifestyle, and take precautionary measures to reduce your risk of infection. They will always be there and will always adapt and change. As long as there are people who are uninformed or careless who fall for these scams, phishing attacks will continue.

The best way to reduce your risk is to report all suspected phishing scams on ICT Partner Portal. (Full details at the end of this post). Here are some basic rules to help you to identify phishing scams:

  • Use common sense
    Never click on links, download files or open attachments in email or social media, even if it appears to be from a known, trusted source.
  • Watch out for shortened links
    Pay particularly close attention to shortened links. Always place your mouse over a web link in an email (known as “hovering”) to see if you’re being sent to the right website.
  • Does the email look suspicious?
    Read it again. Many phishing emails are obvious and will have implausible and generally suspicious content.
  • Be wary of threats and urgent deadlines
    Threats and urgency, especially coming from what claims to be a legitimate company, are a giveaway sign of phishing. Ignore the scare tactics and rather contact the company via phone.
  • Browse securely with HTTPS
    Always, where possible, use a secure website, indicated by https:// and a security “lock” icon in the browser’s address bar, to browse.
  • Never use public, unsecured Wi-Fi, including Maties Wi-Fi, for banking, shopping or entering personal information online
    Convenience should never be more important than safety.

If you do receive a phishing e-mail, please report it as soon as possible. Once you have reported the spam or phishing mail, you can delete it immediately.

You can report this on IT’s request logging system, the ICT Partner Portal.

  • Go to the ICT Partner Portal.
  • Fill in your information and add the email as an attachment. Your request will automatically be logged on the system and the appropriate measures will be taken by the system administrators to protect the rest of campus.

[ARTICLE BY DAVID WILES]

Phishing scams requesting quotes and notification about “new message”

Wednesday, November 21st, 2018

Phishing attacks on the university continue with this week’s “flavour” being a return of the old “Request For Quotation” scam. With this scam you might receive an email from a large corporation arrives asking for you to provide a quotation, with an attached PDF that you are asked to fill in and send back to the sender.

Why would an academic department secretary be getting an RFQ to supply industrial supplies like sewage pumps? Scammers often only want to steal information from their victims, and in the case of the Faculty of Health Sciences, the scam RFQ could change to supply something like medical supplies or equipment.

Remember the email may look very convincing, with known company letterheads, VAT certificates etc.

It is important not to respond to the sender or to open up the attachment. Often scammers just need a response so they can identify “live bait” and fine-tune their attack to a particular person.

Another phishing scam that appears to be coming back uses attention-getting subjects like “You have a new message” or “We’ve resolved your dispute” or “SARS refund pending” designed to get your attention. This particular one uses forged “Citibank” branding and informs you that a dispute has been resolved and you will be paid some money, but you are asked to open up a “document” to see the disputed transaction.

The danger is in the document which will be download if you click on the link. In this particular case, it is a document with embedded macros that will install malware on your computer to steal personal information. Normally macros in Microsoft Word are disabled by default, but if you have enabled them for legitimate reasons then there would be a danger to your computer if you attempt to open the attached document.

These phishing scams are sent out to many university email addresses at the same time, so you are not personally being targeted by the phishers. These attacks will continue in various forms, because there are still individuals who fall for these scams, making phishing attacks very profitable.

If you do receive mail like this then please report it to IT Cyber Security. Once you have reported the spam or phishing mail, you can delete it immediately. You can do this in two ways:

  1. By reporting it on the ICT Partner Portal. Go to https://servicedesk.sun.ac.za and select “Report phishing, spam and malware” right at the bottom of the list. Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.
  2. By sending an email
    – Start up a new mail addressed to csirt@sun.ac.za. 
    – Use the Title “SPAM” (without quotes) in the Subject.
    – With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the – New Mail.
    – Send the mail.

[Article by David Wiles]

Warning: Phishing scam exploiting ABSA new logo

Tuesday, July 17th, 2018

Many of you use ABSA as your bank of choice, as well as making use of ABSA Bank’s Internet Banking facilities, so this warning might be of particular significance.

Earlier this month ABSA announced a new logo – part of its rebranding campaign – and almost immediately phishing scammers exploited this opportunity to continue their nefarious campaign of identity theft through phishing email attacks.

Several users have reported getting the following email – allegedly from ABSA – taking advantage of the new logo to target the bank’s customers in a phishing email scam by attempting to trick users to click on a link to take them to a fake website.

The scam email states that it comes from Absa CEO Maria Ramos, but it’s actually from an outside source and informs victims that “today marks a very significant day in the Absa journey”. The email uses Absa’s slogan, saying “We are also launching a new, fresh and vibrant Absa logo and identity that reflects our commitment to you, our customers”. Potential victims are then encouraged to click on their “New Absa eStatements” in PDF format. This is not a statement, but an HTML file which takes users to a phishing website.

Here is one example of the phishing e-mail which has already appeared in several University email accounts, as well as personal home email accounts:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

As always, you should never respond to a suspicious looking email or message or click on a link in any suspicious looking email. Rather delete the email. No South African bank will ever contact customers and request sensitive information (card PIN, card CVV or online banking password) via email, telephone or SMS.

If you have received a phishing email, immediately report it to the Information Technology CyberSecurity Team using the following method:
 
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:
If you did click on the link of a phishing spam and unwittingly gave the scammers your username, email address and password  immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different and is a strong password that will not be easily guessed.), as well as changing the passwords on your social media and private email accounts (especially if you use the same passwords on these accounts.)
 
Useful information on how to report and combat phishing and spam can also be found on our blog

[ARTICLE BY DAVID WILES]

Phishing Scam about “Unexpected Mail Shutdown

Wednesday, June 6th, 2018

There is currently a bombardment of phishing emails arriving in university accounts about an “Unexpected Mail Shutdown”. The mail used alarmist threats about pending shutdowns and has all the signs of a phishing scam, including a website that is not on the university network.

This is a typical phishing scam and although it is being sent to university addresses, you should not react, respond or click on any links, as the phishers insert your email address in the link field and thus can identify your account as functional.

Below is the mail arriving in many university accounts:

 

If you have received this mail like this, please report is to the Information Technology Cybersecurity Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Information supplied by David Wiles]

 

© 2013-2019 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.